/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package cn.cloud.all.security.access.expression.method;

import cn.cloud.all.security.access.prepost.PostInvocationAttribute;
import cn.cloud.all.security.access.prepost.PreInvocationAttribute;
import cn.cloud.all.security.access.prepost.PrePostInvocationAttributeFactory;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.ParseException;

/**
 * {@link PrePostInvocationAttributeFactory} which interprets the annotation value as an
 * expression to be evaluated at runtime.
 *
 * @author Luke Taylor
 * @author Rob Winch
 * @since 3.0
 */
public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory {
    private final Object parserLock = new Object();
    private ExpressionParser parser;
    private MethodSecurityExpressionHandler handler;

    public ExpressionBasedAnnotationAttributeFactory(MethodSecurityExpressionHandler handler) {
        this.handler = handler;
    }

    public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject, String preAuthorizeAttribute) {
        try {
            // TODO: Optimization of permitAll
            ExpressionParser parser = getParser();
            Expression preAuthorizeExpression = preAuthorizeAttribute == null ? parser.parseExpression("permitAll") : parser.parseExpression(preAuthorizeAttribute);
            Expression preFilterExpression = preFilterAttribute == null ? null : parser.parseExpression(preFilterAttribute);
            return new PreInvocationExpressionAttribute(preFilterExpression, filterObject, preAuthorizeExpression);
        } catch (ParseException e) {
            throw new IllegalArgumentException("Failed to parse expression '" + e.getExpressionString() + "'", e);
        }
    }

    public PostInvocationAttribute createPostInvocationAttribute(
            String postFilterAttribute, String postAuthorizeAttribute) {
        try {
            ExpressionParser parser = getParser();
            Expression postAuthorizeExpression = postAuthorizeAttribute == null ? null : parser.parseExpression(postAuthorizeAttribute);
            Expression postFilterExpression = postFilterAttribute == null ? null : parser.parseExpression(postFilterAttribute);

            if (postFilterExpression != null || postAuthorizeExpression != null) {
                return new PostInvocationExpressionAttribute(postFilterExpression, postAuthorizeExpression);
            }
        } catch (ParseException e) {
            throw new IllegalArgumentException("Failed to parse expression '" + e.getExpressionString() + "'", e);
        }

        return null;
    }

    /**
     * Delay the lookup of the {@link ExpressionParser} to prevent SEC-2136
     */
    private ExpressionParser getParser() {
        if (this.parser != null) {
            return this.parser;
        }
        synchronized (parserLock) {
            this.parser = handler.getExpressionParser();
            this.handler = null;
        }
        return this.parser;
    }
}
